These terms and what they imply can become confusing, so let's look at how HHS defines them.

What is a business associate? "Business associate": a person or organization that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of a covered entity, or that provides services to a covered entity. A member of the covered entity's workforce is not a business associate. A covered health care provider, health plan or health care clearinghouse may be a business associate of another covered entity. The Privacy Rule lists some of the functions or activities and related services that make an individual or organization a business associate when the activity or service involves the use or disclosure of protected health information. The types of functions or activities that can make an individual or organization a business associate include payment or health care operations activities, as well as other functions or activities governed by the Administrative Simplification Rules.

Does a contractor have to comply with every provision of your BAA? The Privacy Rule seems to say so. The rule is that all such contractors accept restrictions identical to those of the business associate.

Business associate agreements, called BAAs, are legally binding documents that describe how PHI is handled between the covered entity and the business associate, and who is liable in the event of a breach. This agreement is what can protect you and your business as a practitioner if a business associate is in violation. Today we will look at who business associates are, how they differ from a covered entity, who needs a BAA, and what happens if one is not in place. HHS simplifies the things a BAA should cover.
The source of the regulations is the HIPAA Administrative Simplification. This is a 115-page document, so focus only on the following two sections:

Direct employees of your organization do not need to sign a BAA because they are part of your organization and are not considered business associates themselves. Yet they are still covered by HIPAA laws. As an employer, you have a responsibility to train your staff in how to preserve the integrity and confidentiality of protected health information.